CallidusCloud Operations and Support Privacy Policy (“Policy”)

Scope

CallidusCloud (“CallidusCloud“) develops and licenses sales performance management (“SPM”) software applications to global companies across multiple industries. Our EIM systems allow enterprises to develop and manage, or allow us to manage on their behalf through our CallidusCloud On-Demand services, incentive compensation programs linked to the achievement of strategic business objectives.

Through the use of our software applications, customers can, among other things, calculate sales commissions for their employees, sales agents, resellers and others (collectively, “Payees“), analyze the effectiveness of incentive plans, pay and report on commissions and bonuses to Payees, and assist to resolve disputes regarding commissions and bonuses.

This Policy describes CallidusCloud’s practices concerning the personal, non-public data we may access and/or receive when performing: (i) CallidusCloud On-Demand software application administration via our Hosted and Managed services offerings, (ii) Maintenance and support for our software applications, and (iii) other similar consulting services related to our software. The CallidusCloud On-Demand, maintenance and support, and other consulting services may be collectively referred to as “Customer Services.”

Background

Traditionally, CallidusCloud has licensed our software applications to customers under perpetual end-user software licenses. Customers then integrate the applications into their networks, often with our assistance according to negotiated consulting services agreements and/or the assistance of third party implementers.

Once implemented, CallidusCloud provides typical maintenance and support services for our software. In the course of performing maintenance and support services, we may need to access or be provided personal, non-public data of Payees for any number of reasons including, without limitation, problem resolution, performance evaluation, and application of software patches and fixes.

In addition to CallidusCloud’s traditional software licensing strategy, we also provide services designed to reduce customer operating costs under the umbrella of our CallidusCloud On-Demand offerings. The CallidusCloud On-Demand services include two principle services: (i) Hosted software application operations performed by our personnel or authorized subcontractors on non-customer owned servers which we and our customers access via the World Wide Web, and (ii) Managed, on-premises services under which we provide trained and qualified personnel to customers to perform software application operations at customers’ facilities using the customer’s servers. Under both the Hosted and Managed services offerings, we may access or be provided with the personal, non-public data of Payees either directly or as it is contained within certain customer sales performance data.

Personal, Non-Public Information

When providing Customer Services, CallidusCloud and any of our authorized subcontractors will generally have the ability to access or be provided personally identifiable information of Payees to the extent it is embedded in data files provided by our customers for processing via our software applications. In general, we are obligated to maintain such information as confidential pursuant to the terms of applicable agreements with our customers.

The information CallidusCloud may access or be provided is not required by the CallidusCloud applications to run properly. However, to the extent customers provide this information as part of the data feeds to the CallidusCloud applications, CallidusCloud may have access to it. This information may include data regarding Payee personal, non-public information which can include, without limitation, individual names, addresses, social security or other generally recognized country specific taxpayer identification numbers, employee identification numbers, salary data, sales quotas, sales commissions and other forms of incentive compensation payment amounts, and any other information which our customers use in connection with their incentive compensation plans.

Customer Sales Performance Information

Also when providing Customer Services, CallidusCloud’s personnel and any authorized subcontractors may load, process and store customer sales performance metrics that are considered confidential to our customer’s performance in their respective markets. In general, we are obligated to manage and maintain such information, including any personal, non-public data included therein, as confidential pursuant to the terms of applicable agreements with our customers.

The information CallidusCloud may access or be provided typically concerns customer sales performance metrics data which frequently includes, without limitation, sales orders, invoices, claims, and any other information which our customers use in connection with their incentive compensation plans.

Data Protection

CallidusCloud is committed to protecting the personal, non-public information that we access and receive from our customers regarding their operations and the data of their actual or potential customers. This commitment extends across our company as the information we access or receive will likely be transferred electronically over the World Wide Web one or more times and, in the case of our On-Demand services, possibly on a daily basis according to the terms of our agreements with our customers. Such transfers generally relate to our analysis and/or processing of data by one or more of our multiple offices in the United States, as well as facilities in Europe, Australia, Asia and other locations throughout the world. Moreover, information that we access while performing Customer Services at customers’ facilities is also included in this policy.

Accordingly, CallidusCloud has implemented policies and procedures we consider appropriate for the protection of personal, non-public data. For example, we have implemented security protocols intended to prevent unauthorized access to personal, non-public information. These protocols include policies, procedures, and technologies relating to data access and security controls. In addition, we use standard security protocols and mechanisms in the transmission of sensitive data.

Additionally, CallidusCloud is a self-certified participant to the Safe Harbor Program created by the joint efforts of the US Department of Commerce and European Union. Additional information about the Safe Harbor Program is available at the Safe Harbor Welcome Page http://www.export.gov/safeharbor/.

Data Usage and Collection

CallidusCloud’s use and collection of personal, non-public information is extremely limited. To begin, we do not control the collection or use of personal, non-public information by our customers. Accordingly, we are not liable for any failure by our customers to appropriately notify or obtain necessary consents for the transfer of any individual’s personal information. Any individual concerned about our access or use of their personal, non-public data should direct disclosure requests, personal information correction inquiries and other such needs solely to the applicable customer.

In fact, in general unless CallidusCloud is obligated under agreements with our customers to interact directly with Payees in the administration of Payee related issues such as disputes over sales commission calculations or payments, we do not collect personal, non-public information regarding Payees.

For the most part, as it relates to personal, non-public information, CallidusCloud’s services are limited to analyzing and processing data transferred to us from our customers’ servers. In all such instances, we receive such information solely in connection with the performance of our obligations under the applicable agreement and applicable laws, and only as they relate to our software applications. This means we specifically prohibit the use of the information we access or receive for any purpose other than the performance of Customer Services to our customers or as required by law.

In some instances, CallidusCloud may make limited use of cookies in certain environments to facilitate user navigation, experiences and troubleshooting; specific individual information is not retained, however. Please also note that our customers may deploy cookies that are returned to them. These are not accessed by us unless provided by our customers for analysis and processing.

Questions and Comments

If you believe your data has been used in a way that is not consistent with this policy or your stated preferences, or should you have further questions related to this policy, please contact Callidus by email at privacy@calliduscloud.com. Written inquiries may be addressed to General Counsel, CallidusCloud, 6200 Stoneridge Mall Road, Suite 500, Pleasanton, CA, 94588, United States of America.